Using a Powershell wrapper to securely authenticate to Neo4J to execute CYPHER using Bolt.
I've been busily developing some of my automation leveraging Neo4j with our CommitCRM and Check_MK (Nagios) monitoring platform.
I wanted to automate my process for updating the graph database and generating tickets. In order to do this securely I wanted to execute CYPHER scripts with windows task scheduler.
To make this easier I've built a powershell wrapper to run my scripts. This consists of defining a neo4j datasource with the server location, user and password:
Download/install the Neo4j.Driver nuget packageCheck out this post by Glenn Sarti for more information.
Configure your datasource:
First you will be prompted to locate the Neo4j.Driver.
Next supply the datasource name
Now the URL to your Neo4j database
Then the user/password
Now the script will attempt to connect using the provided information, and if successful will store the information in your registry under HKCU\Software\neo4j-wrapper\Datasource\your-datasource-name.
set-n4credentials.ps1 can be used to store multiple named datasources and will store each server URL, user, and password combination within a seperate reg key
Retrieve the datasourceNow you can use the execute-cypher-query.ps1 to securely retrieve the credentials from the registry and run your CYPHER code within powershell.
If the server is accessible and the credentials are correct, it will run whatever cypher code you run in the $query variable. For example I've included a simple query to count the number of nodes in the graph database and return the results.
and here's the output:
In SummaryThis should provide a secure way to run CYPHER scripts natively from powershell using the BOLT protocol. to allow for authentication without putting clear-text passwords within your powershell scripts.
Here's the example scripts in github:
In a future version I'd like to use paramters to provide external .cypher scripts to run to truly use this as a wrapper. I'd also like to store datasources that I reference fromWITHIN my cypher scripts. (for instance apoc.load.json where I am required to provide API key or user credentials within the URL or as a header).